Support setting password for user root

diff --git a/TODO b/TODO
index f362a6b..99b777b 100644 (file)
--- a/TODO
+++ b/TODO
@@ -6,7 +6,7 @@ TODO list for grml-debootstrap
   * grml-etc-core
   * grml-x + xserver-xorg [configuration of X]
 * support selection between DESKTOP/WORKSTATION and SERVER (provide default packages selection)
   * grml-etc-core
   * grml-x + xserver-xorg [configuration of X]
 * support selection between DESKTOP/WORKSTATION and SERVER (provide default packages selection)

-* support *full* automatic installation where not a single keypress is necessary (in progress)
+* support *full* automatic installation where not a single keypress is necessary (done)

   -> support bootoption debian2hd for installation through bootoption on live-cd
 * support for LVM + SW-RAID [should work through installation into directory, needs testing though]
 * support rpmstrap (bootstrap a basic RPM-based system)
   -> support bootoption debian2hd for installation through bootoption on live-cd
 * support for LVM + SW-RAID [should work through installation into directory, needs testing though]
 * support rpmstrap (bootstrap a basic RPM-based system)

diff --git a/chroot-script b/chroot-script
index 0dc55be..d4ebff2 100644 (file)
--- a/chroot-script
+++ b/chroot-script
@@ -4,7 +4,7 @@
 # Authors:       grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
 # Bug-Reports:   see http://grml.org/bugs/
 # License:       This file is licensed under the GPL v2.
 # Authors:       grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
 # Bug-Reports:   see http://grml.org/bugs/
 # License:       This file is licensed under the GPL v2.

-# Latest change: Mon Apr 16 15:26:11 CEST 2007 [mika]
+# Latest change: Mon Apr 16 18:39:21 CEST 2007 [mika]

 ################################################################################
 
 set -e # exit on any error
 ################################################################################
 
 set -e # exit on any error


@@ -14,6 +14,8 @@ set -e # exit on any error
 
 [ -r /proc/1 ] || mount -t proc   none /proc
 
 
 [ -r /proc/1 ] || mount -t proc   none /proc
 

+# variable checks {{{
+

 # use aptitude only if it's available
 if [ -x /usr/bin/aptitude ] ; then
    APTINSTALL='aptitude -y install '
 # use aptitude only if it's available
 if [ -x /usr/bin/aptitude ] ; then
    APTINSTALL='aptitude -y install '


@@ -23,7 +25,6 @@ else
    APTUPDATE='apt-get update'
 fi
 
    APTUPDATE='apt-get update'
 fi
 

-# variable checks {{{

 if [ -z "$STAGES" ] ; then
    STAGES='/etc/debootstrap/stages'
    [ -d "$STAGES" ] || mkdir -p "$STAGES"
 if [ -z "$STAGES" ] ; then
    STAGES='/etc/debootstrap/stages'
    [ -d "$STAGES" ] || mkdir -p "$STAGES"


@@ -139,14 +140,79 @@ reconfigure() {
 # }}}
 
 # set password of user root {{{
 # }}}
 
 # set password of user root {{{

+setpassword() {
+# Set a password, via chpasswd.
+# Use perl rather than echo, to avoid the password
+# showing in the process table. (However, this is normally
+# only called when first booting the system, when root has no
+# password at all, so that should be an unnecessary precaution).
+#
+# Pass in three arguments: the user, the password, and 'true' if the
+# password has been pre-crypted (by preseeding).
+#
+# Taken from /var/lib/dpkg/info/passwd.config
+        SETPASSWD_PW="$2"
+        export SETPASSWD_PW
+
+        # This is very annoying. chpasswd cannot handle generating md5
+        # passwords as it is not PAM-aware. Thus, I have to work around
+        # that by crypting the password myself if md5 is used.
+        USE_MD5=1
+        export USE_MD5
+
+        if [ "$3" = true ]; then
+                PRECRYPTED=1
+        else
+                PRECRYPTED=''
+        fi
+        export PRECRYPTED
+        LC_ALL=C LANGUAGE=C LANG=C perl -e '
+                sub CreateCryptSalt {
+                        my $md5 = shift;
+
+                        my @valid = split(//, "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");
+                        my ($in, $out);
+
+                        my $cryptsaltlen = ($md5 ? 8 : 2);
+
+                        open (F, "</dev/urandom") || die "No /dev/urandom found!";
+                        foreach (1..$cryptsaltlen) {
+                                read(F, $in, 1);
+                                $out .= $valid[ord($in) % ($#valid + 1)];
+                        }
+                        close F;
+                        return ($md5 ? "\$1\$$out\$" : $out);
+                }
+
+                open(P,"| chpasswd -e");
+                if ($ENV{PRECRYPTED}) {
+                        print P shift().":$ENV{SETPASSWD_PW}\n";
+                } else {
+                        print P shift().":".
+                                crypt($ENV{SETPASSWD_PW}, CreateCryptSalt($ENV{USE_MD5})).
+                                "\n";
+                }
+                close P;
+        ' "$1"
+        SETPASSWD_PW=''
+        USE_MD5=''
+        PRECRYPTED=''
+}
+

 passwords() {
   echo "Activating shadow passwords."
   shadowconfig on
 passwords() {
   echo "Activating shadow passwords."
   shadowconfig on

-  echo "Setting password for user root:"
-  set +e # do not exit if passwd returns error due to missmatching passwords
-  passwd
-  echo ""
-  set -e # restore default behaviour again
+
+  if [ -n "$ROOTPASSWORD" ] ; then
+     setpassword root "$ROOTPASSWD" false
+     export ROOTPASSWD=''
+  else
+     echo "Setting password for user root:"
+     set +e # do not exit if passwd returns error due to missmatching passwords
+     passwd
+     echo ""
+     set -e # restore default behaviour again
+  fi

 }
 # }}}
 
 }
 # }}}
 


@@ -289,6 +355,8 @@ services() {
 
 # unmount all filesystems in chroot, make sure nothing is left {{{
 finalize() {
 
 # unmount all filesystems in chroot, make sure nothing is left {{{
 finalize() {

+  # make sure we don't leave any sensible data
+  rm -f /etc/debootstrap/variables

   umount -a    1>/dev/null 2>/dev/null || true
   umount /proc 1>/dev/null 2>/dev/null || true
   umount /proc 1>/dev/null 2>/dev/null || true
   umount -a    1>/dev/null 2>/dev/null || true
   umount /proc 1>/dev/null 2>/dev/null || true
   umount /proc 1>/dev/null 2>/dev/null || true


@@ -305,7 +373,6 @@ finalize() {
   stage mkinitrd       && mkinitrd       && stage mkinitrd done
   stage kernel         && kernel         && stage kernel done
   stage reconfigure    && reconfigure    && stage reconfigure done
   stage mkinitrd       && mkinitrd       && stage mkinitrd done
   stage kernel         && kernel         && stage kernel done
   stage reconfigure    && reconfigure    && stage reconfigure done

-  stage passwords      && passwords      && stage passwords done

   stage hosts          && hosts          && stage hosts done
   stage interfaces     && interfaces     && stage interfaces done
   stage timezone       && timezone       && stage timezone done
   stage hosts          && hosts          && stage hosts done
   stage interfaces     && interfaces     && stage interfaces done
   stage timezone       && timezone       && stage timezone done


@@ -313,6 +380,7 @@ finalize() {
   stage hostname       && hostname       && stage hostname done
   stage initrd         && initrd         && stage initrd done
   stage grub           && grub           && stage grub done
   stage hostname       && hostname       && stage hostname done
   stage initrd         && initrd         && stage initrd done
   stage grub           && grub           && stage grub done

+  stage passwords      && passwords      && stage passwords done

   stage services       && services       && stage services done
   stage finalize       && finalize       && stage finalize done
 # }}}
   stage services       && services       && stage services done
   stage finalize       && finalize       && stage finalize done
 # }}}

diff --git a/config b/config
index 8332b6c..9a66f30 100644 (file)
--- a/config
+++ b/config
@@ -3,7 +3,7 @@
 # Authors:       grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
 # Bug-Reports:   see http://grml.org/bugs/
 # License:       This file is licensed under the GPL v2.
 # Authors:       grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
 # Bug-Reports:   see http://grml.org/bugs/
 # License:       This file is licensed under the GPL v2.

-# Latest change: Mon Apr 16 14:17:19 CEST 2007 [mika]
+# Latest change: Mon Apr 16 18:45:19 CEST 2007 [mika]

 ################################################################################
 
 ################################################################################
 ################################################################################
 
 ################################################################################


@@ -76,6 +76,10 @@ HOSTNAME='grml'
 # use 2.6-686 for i386 and 2.6-amd64 for amd64
 # KERNEL='2.6-686'
 
 # use 2.6-686 for i386 and 2.6-amd64 for amd64
 # KERNEL='2.6-686'
 

+# set password of user root without prompting, please use with caution
+# only, because you usually don't want to share your password(s) ;-)
+# ROOTPASSWORD=''
+

 # name of debootstrap executable
 # supported values: debootstrap cdebootstrap
 DEBOOTSTRAP='debootstrap'
 # name of debootstrap executable
 # supported values: debootstrap cdebootstrap
 DEBOOTSTRAP='debootstrap'

diff --git a/grml-debootstrap b/grml-debootstrap
index 0f61061..2682e1e 100755 (executable)
--- a/grml-debootstrap
+++ b/grml-debootstrap
@@ -4,7 +4,7 @@
 # Authors:       grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
 # Bug-Reports:   see http://grml.org/bugs/
 # License:       This file is licensed under the GPL v2.
 # Authors:       grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
 # Bug-Reports:   see http://grml.org/bugs/
 # License:       This file is licensed under the GPL v2.

-# Latest change: Mon Apr 16 15:42:34 CEST 2007 [mika]
+# Latest change: Mon Apr 16 19:10:16 CEST 2007 [mika]

 ################################################################################
 # http://www.debian.org/releases/stable/i386/index.html.en
 
 ################################################################################
 # http://www.debian.org/releases/stable/i386/index.html.en
 


@@ -33,14 +33,32 @@ fi
 
 # cmdline handling {{{
 usage() {
 
 # cmdline handling {{{
 usage() {

-  einfo "$0 - wrapper around debootstrap for installing plain Debian via grml"
-  einfo "Adjust /etc/debootstrap/config and invoke $0 afterwards."
+  einfo "$0 - version $VERSION"
+  echo  "   A wrapper around debootstrap for installing plain Debian via grml"
+  echo
+  einfo "Usage: $0 [options]"
+  echo  "   Adjust /etc/debootstrap/config and invoke $0 afterwards or use the cmdline option:"
+  echo
+  einfo "Valid options:"
+  echo  "
+    -h|--help              Print this usage information and exit.
+    -v|--version           Show summary of options and exit.
+
+    -t|--target <target>   Target partition (/dev/...) or directory.
+    -r|--release <release> Specify release of new Debian system. Supported relases: sarge, etch, lenny and sid.
+    -m|--mirror <URL>      Specify mirror which should be used for apt-get/aptitude.
+    -p|--mntpoint <mnt>    Specify mountpoint that should be used for mounting the target system.
+    --groot <device>       Specify root device for usage in grub (corresponds with \$TARGET).
+    --grub <device>        Where do you want to install grub to? Use grub syntax for specifying.
+    --password <pwd>       Use specified password as password for user root. Use with caution.
+
+"

 }
 
 while [ "$#" -gt "0" ] ; do
     case $1 in
         -v|--version)
 }
 
 while [ "$#" -gt "0" ] ; do
     case $1 in
         -v|--version)

-            einfo "$0 version $VERSION"
+            einfo "$0 - version $VERSION"

             einfo "Send bug reports to Michael Prokop <mika@grml.org>."
             eend 0
             exit 0
             einfo "Send bug reports to Michael Prokop <mika@grml.org>."
             eend 0
             exit 0


@@ -65,6 +83,10 @@ while [ "$#" -gt "0" ] ; do
             shift
             MNTPOINT=$1
             ;;
             shift
             MNTPOINT=$1
             ;;

+        --password)
+            shift
+            ROOTPASSWORD=$1
+            ;;

         -m|--mirror)
             shift
             MIRROR=$1
         -m|--mirror)
             shift
             MIRROR=$1


@@ -132,12 +154,15 @@ else
 fi
 
 # provide variables to chroot system
 fi
 
 # provide variables to chroot system

-[ -n "$ARCH" ]   && echo "ARCH=$ARCH"     > /etc/debootstrap/variables
+touch /etc/debootstrap/variables
+chmod 600 /etc/debootstrap/variables # make sure nobody except root can read it
+[ -n "$ARCH" ]   && echo "ARCH=$ARCH"     >  /etc/debootstrap/variables

 [ -n "$GRUB" ]   && echo "GRUB=$GRUB"     >> /etc/debootstrap/variables
 [ -n "$GROOT" ]  && echo "GROOT=$GROOT"   >> /etc/debootstrap/variables
 [ -n "$TARGET" ] && echo "TARGET=$TARGET" >> /etc/debootstrap/variables
 [ -n "$MIRROR" ] && echo "MIRROR=$MIRROR" >> /etc/debootstrap/variables
 [ -n "$GRUB" ]   && echo "GRUB=$GRUB"     >> /etc/debootstrap/variables
 [ -n "$GROOT" ]  && echo "GROOT=$GROOT"   >> /etc/debootstrap/variables
 [ -n "$TARGET" ] && echo "TARGET=$TARGET" >> /etc/debootstrap/variables
 [ -n "$MIRROR" ] && echo "MIRROR=$MIRROR" >> /etc/debootstrap/variables

-[ -n "$CHROOTMIRROR" ] && echo "CHROOTMIRROR=$CHROOTMIRROR" >> /etc/debootstrap/variables
+[ -n "$MIRROR" ] && echo "MIRROR=$MIRROR" >> /etc/debootstrap/variables
+[ -n "$ROOTPASSWORD" ] && echo "ROOTPASSWORD=$ROOTPASSWORD" >> /etc/debootstrap/variables

 
 # make sure at least $TARGET is set [the partition for the new system]
 if [ -z "$TARGET" ] ; then
 
 # make sure at least $TARGET is set [the partition for the new system]
 if [ -z "$TARGET" ] ; then


@@ -182,20 +207,38 @@ stage() {
 # }}}
 
 # user should recheck his configuration {{{
 # }}}
 
 # user should recheck his configuration {{{

-einfo "$0 - Please recheck configuration before execution:"
-echo "
-   Target:           $TARGET"
-   case "$MNTPOINT" in "$TARGET") ;; *) echo "   Mount-point:      $MNTPOINT" ;; esac
-   [ -n "$GRUB" ]   && echo "   Install grub to:  $GROOT / $GRUB"
-   [ -n "$MIRROR" ] && echo "   Using mirror:     $MIRROR"
-   case "$MNTPOINT" in "$TARGET") ;; *) echo "  Important! Continuing will delete all data from ${TARGET}!" ;; esac
-   echo
-einfon "Is this ok for you? [y/N] "
-
-read a
-if ! [ "$a" = 'y' -o "$a" = 'Y' ] ; then
-   eerror "Exiting as requested." ; eend 1
-   exit 1
+# support full automatic installation:
+checkforrun() {
+   dialog --timeout 10 --title "$0" \
+          --yesno "Do you want to stop at this stage?
+
+Notice: you are running grml-debootstrap in non-interactive mode.
+grml-debootstrap will install Debian ${RELEASE} on ${TARGET}.
+Last chance to quit. Timeout of 10 seconds running....
+
+Do you want to stop now?" 0 0 2>/dev/null
+}
+
+if [ -n "$AUTOINSTALL" ] ; then
+   if checkforrun ; then
+      eerror "Exiting as requested" ; eend 0
+      exit 1
+   fi
+else # if not running automatic installation display configuration and prompt for execution:
+   einfo "$0 - Please recheck configuration before execution:"
+   echo "
+      Target:           $TARGET"
+      case "$MNTPOINT" in "$TARGET") ;; *) echo "   Mount-point:      $MNTPOINT" ;; esac
+      [ -n "$GRUB" ]   && echo "   Install grub to:  $GROOT / $GRUB"
+      [ -n "$MIRROR" ] && echo "   Using mirror:     $MIRROR"
+      case "$MNTPOINT" in "$TARGET") ;; *) echo "  Important! Continuing will delete all data from ${TARGET}!" ;; esac
+      echo
+   einfon "Is this ok for you? [y/N] "
+   read a
+   if ! [ "$a" = 'y' -o "$a" = 'Y' ] ; then
+      eerror "Exiting as requested." ; eend 1
+      exit 1
+   fi

 fi
 # }}}
 
 fi
 # }}}
 

diff --git a/grml-debootstrap.txt b/grml-debootstrap.txt
index e13cbe0..7f8f2ef 100644 (file)
--- a/grml-debootstrap.txt
+++ b/grml-debootstrap.txt
@@ -61,6 +61,12 @@ Corresponding with configuration variables MIRROR and CHROOTMIRROR.
 Specify mountpoint that should be used for mounting the target system.
 Corresponding with configuration variable MNTPOINT.
 
 Specify mountpoint that should be used for mounting the target system.
 Corresponding with configuration variable MNTPOINT.
 

+  --password <password>
+
+Use specified password as password for user root. Use with caution, as your
+commandline might be visible in the process list and the shell history.
+It's meant for automatic installation only.
+

   -r, --release <releasename>
 
 Specify release of new Debian system. Supported relases: sarge, etch, lenny and sid.
   -r, --release <releasename>
 
 Specify release of new Debian system. Supported relases: sarge, etch, lenny and sid.